CVE-2020-11969
15.06.2020, 20:15
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.Enginsight
| Vendor | Product | Version |
|---|---|---|
| apache | tomee | 1.0.0 ≤ 𝑥 ≤ 1.7.5 |
| apache | tomee | 7.0.0 ≤ 𝑥 ≤ 7.0.7 |
| apache | tomee | 7.1.0 ≤ 𝑥 ≤ 7.1.2 |
| apache | tomee | 8.0.0 ≤ 𝑥 ≤ 8.0.1 |
| apache | tomee | 7.0.0:m1 |
| apache | tomee | 7.0.0:m2 |
| apache | tomee | 7.0.0:m3 |
| apache | tomee | 8.0.0:m1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References